A company wants to quickly connect its on-premises environment to AWS using an existing internet connection with encrypted communication. Which service is MOST suitable for this requirement?
A question about selecting the appropriate service for an encrypted connection over the internet.
AWS Direct Connect
This is incorrect. AWS Direct Connect is a service that establishes connectivity through a dedicated physical circuit, which requires significant time and cost to provision.
This does not meet the requirement to quickly set up an encrypted connection using an existing internet connection.
AWS Site-to-Site VPN
This is correct. AWS Site-to-Site VPN uses an existing internet connection to establish an encrypted connection (IPsec VPN) between on-premises and AWS. It does not require dedicated circuit provisioning, and can be set up quickly at low cost. Connection quality depends on the internet.
Amazon CloudFront
This is incorrect. CloudFront is a CDN (Content Delivery Network — a system that caches content at edge locations around the world and delivers it at high speed from locations close to the user) service for content delivery.
It is not a service for establishing an encrypted connection between on-premises and AWS.
Amazon S3
This is incorrect. Amazon S3 is an object storage service.
It is not a network service for establishing an encrypted connection between on-premises and AWS.
'Internet-based,' 'encrypted,' and 'quick setup' all point to Site-to-Site VPN. For stable, low-latency connectivity over a dedicated circuit, use Direct Connect. The key differentiator is the type of circuit (internet vs. dedicated).